Highlights:
- The announcement comes soon after the U.S. government made it clear in Executive Order 14028 and OMB Memo M-22-09 how important it is to use phishing-resistant MFA.
- With the new CBA feature from Microsoft, organizations with smart cards and public-key infrastructure (PKI) deployments will be able to authenticate Azure AD without a federated server.
One of the most effective tools used by cybercriminals is phishing emails. The ITRC says that phishing, smishing, or BEC accounted for 537 of the 1,613 breaches that were made public in 2021.
Microsoft released three new phishing-resistant solutions today to help organizations eliminate phishing attacks in Azure, Office 365, and remote desktop environments. These solutions are an attempt to deal with the threat of phishing.
More specifically, the addition of certificate-based authentication (CBA), conditional access authentication and support for FIDO authenticators in Azure virtual desktop adds support for more multifactor authentication (MFA) controls to protect privileged users from phishing attacks and theft of their credentials.
For businesses, the release shows that the ecosystem for passwordless authentication is growing quickly and could make it less important to use login credentials that are easy to hack and steal.
The announcement comes soon after the U.S. government made it clear in Executive Order 14028 and OMB Memo M-22-09 how important it is to use phishing-resistant MFA.
It also comes at a time when the number of phishing scams keeps rising. According to Zscaler, the number of phishing attacks rose 29% worldwide, reaching a record high of 873.9 million attacks.
Sue Bohn, VP of product management for Microsoft’s Identity and Network Access (IDNA) group, said, “Providing new identity solutions to protect our customers is paramount in the fight to stop phishing.” She added, “We’re excited to launch these new features that support key steps customers can take in their Zero Trust journey, and Yubico has been with us fighting against these phishing attacks every step of the way.”
A look at Microsoft’s new anti-phishing features
With the new CBA feature from Microsoft, organizations with smart cards and public-key infrastructure (PKI) deployments will be able to authenticate Azure AD without a federated server.
Furthermore, conditional access allows businesses to implement specific policies for user authentication, such as YuBiKeys for MFA, which is resistant to phishing or FIDO-based passwordless or certificate-based authentication. This makes it much harder for cybercriminals to go after privileged Azure users.
Azure Virtual Desktops (AVD) new support for FIDO authenticators means users can connect to their own workstations in the cloud without FIDO-based passwordless authentication.
Across the board, these protections will make it much harder for threat actors to get into protected resources through phishing and stealing credentials.